https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828400#M754789 is there one easy command that you can type in that will inform the user if the system is in trusted mode or not?<BR /><BR />TD Thu, 17 Oct 2002 20:56:38 GMT Waltina L. DiPaolo 2002-10-17T20:56:38Z https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828400#M754789 is there one easy command that you can type in that will inform the user if the system is in trusted mode or not?<BR /><BR />TD Thu, 17 Oct 2002 20:56:38 GMT https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828400#M754789 Waltina L. DiPaolo 2002-10-17T20:56:38Z https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828401#M754790 Hi TD,<BR /><BR />I can't think of an easy one that a normal user can run outside of a script to check for the existence of the /tcb/files/auth/r dir or such<BR /><BR />Like create a script called trustedy_n containing<BR /><BR />if [ -d /tcb/files/auth/r ]<BR />then echo "System IS Trusted"<BR />else echo "System is NOT Trusted"<BR />fi<BR /><BR />Then user could run that script &amp; if the /tcb/files/auth/r dir exists (And it will ALWAYS exist on all trusted systems to hold the entry for root) it will echo appropriately.<BR /><BR />But I'm not sure if after unconverting the dir still remains....<BR /><BR />Else if root users are to run a command - then I'd run<BR />getprpw root<BR />to display root's trusted DB entry settings.<BR /><BR />Rgds,<BR />Jeff<BR /> Thu, 17 Oct 2002 21:38:42 GMT https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828401#M754790 Jeff Schussele 2002-10-17T21:38:42Z https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828402#M754791 It is fairly simple.<BR /><BR />on a trusted system you will get the usage:<BR /># /usr/lbin/modprdef<BR />Usage: modprdef -m opt=value[,opt=value]<BR /><BR />On non-trusted system:<BR /># /usr/lbin/modprdef<BR />System is not trusted<BR /><BR />The coding of command checks to see if the system is trusted first before it does anything. There are a few commands in /usr/lbin that will do this.<BR /><BR /> Thu, 17 Oct 2002 21:39:53 GMT https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828402#M754791 Michael Tully 2002-10-17T21:39:53Z https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828403#M754792 Run the command ..<BR /># /usr/lbin/modprdef<BR />and it'll tell you but I think only superuser can run it.<BR />Another way is to check the existence of file /tcb/files/auth/system/default. If it exists than the system is trusted. See ..<BR /># man iscomsec<BR />for details. Thu, 17 Oct 2002 21:45:27 GMT https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828403#M754792 S.K. Chan 2002-10-17T21:45:27Z https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828404#M754793 S.K. - yep none of the trusted commands are available to "normal" users in /usr/lbin - regardless of perms setting. Believe they're hard-coded that way.<BR /><BR />I like the test for default file - but again I wonder if it remains if the system is converted BACK to non-trusted?<BR /><BR />Rgds,<BR />Jeff Thu, 17 Oct 2002 21:54:20 GMT https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828404#M754793 Jeff Schussele 2002-10-17T21:54:20Z https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828405#M754794 Yes it does check. If you do a 'strings modprdef' it will report 'Not Superuser'<BR /><BR />Where is the 'iscomsec' program ? I have the man page but no command....? Thu, 17 Oct 2002 22:02:35 GMT https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828405#M754794 Michael Tully 2002-10-17T22:02:35Z https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828406#M754795 Michael,<BR /><BR />Believe it's a function in the /usr/include/prot.h file.<BR /><BR />Jeff Thu, 17 Oct 2002 22:20:31 GMT https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828406#M754795 Jeff Schussele 2002-10-17T22:20:31Z https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828407#M754796 It's a system call, not a regular executable. If all iscomsec() is doing is checking for existence of the "default" file to detemine if the system is trusted or not (from the man page), I don;t see why we can't just say "ls /tcb/files/auth/system/default" and if it's there, it's trusted. Thu, 17 Oct 2002 22:22:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828407#M754796 S.K. Chan 2002-10-17T22:22:37Z https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828408#M754797 I have several systems in trusted mode. Don't really want to revert back to test to see of the modprdef still works. Is there a doc you can refer me to, other than the man pages, that will give me a bit more info?<BR /><BR />TD Fri, 18 Oct 2002 13:14:52 GMT https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828408#M754797 Waltina L. DiPaolo 2002-10-18T13:14:52Z https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828409#M754798 Check out these docs.<BR /><BR /><A href="http://www.docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B2355-90121/B2355-90121_top.html&amp;con=/hpux/onlinedocs/B2355-90121/00/00/4-con.html&amp;toc=/hpux/onlinedocs/B2355-90121/00/00/4-toc.html&amp;searchterms=trusted&amp;queryid=20021018-082055" target="_blank">http://www.docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B2355-90121/B2355-90121_top.html&amp;con=/hpux/onlinedocs/B2355-90121/00/00/4-con.html&amp;toc=/hpux/onlinedocs/B2355-90121/00/00/4-toc.html&amp;searchterms=trusted&amp;queryid=20021018-082055</A><BR /><BR /><A href="http://www.docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B2355-90742/B2355-90742_top.html&amp;con=/hpux/onlinedocs/B2355-90742/00/00/66-con.html&amp;toc=/hpux/onlinedocs/B2355-90742/00/00/66-toc.html&amp;searchterms=trusted&amp;queryid=20021018-082055" target="_blank">http://www.docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B2355-90742/B2355-90742_top.html&amp;con=/hpux/onlinedocs/B2355-90742/00/00/66-con.html&amp;toc=/hpux/onlinedocs/B2355-90742/00/00/66-toc.html&amp;searchterms=trusted&amp;queryid=20021018-082055</A> Fri, 18 Oct 2002 13:17:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828409#M754798 S.K. Chan 2002-10-18T13:17:37Z https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828410#M754799 Thanks. I've already read over them. They're not detailed enough. But thanks.<BR /><BR />TD Fri, 18 Oct 2002 16:05:39 GMT https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828410#M754799 Waltina L. DiPaolo 2002-10-18T16:05:39Z https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828411#M754800 There is no iscomsec program, but it would be trivial to write one that calls iscomsec and returns an exit status based on the result.<BR />From the iscomsec manual page:<BR /><BR />Notes<BR /> iscomsec determines if the system is a trusted system or not by<BR /> checking the file, /tcb/files/auth/system/default. If the file<BR /> exists, then the system is a trusted system. If the file does not<BR /> exist, then the system is not a trusted system.<BR /> Sun, 20 Oct 2002 09:31:46 GMT https://community.hpe.com/t5/operating-system-hp-ux/10-2-thru-11-trusted-system/m-p/2828411#M754800 doug hosking 2002-10-20T09:31:46Z